diff --git a/src/main/java/net/hostsharing/hsadminng/config/CasAuthenticationFilter.java b/src/main/java/net/hostsharing/hsadminng/config/CasAuthenticationFilter.java
index 5e849ef0..41b0a93e 100644
--- a/src/main/java/net/hostsharing/hsadminng/config/CasAuthenticationFilter.java
+++ b/src/main/java/net/hostsharing/hsadminng/config/CasAuthenticationFilter.java
@@ -21,12 +21,12 @@ public class CasAuthenticationFilter extends OncePerRequestFilter {
     protected void doFilterInternal(
             HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) {
 
-        final var authenticatedRequest = new AuthenticatedHttpServletRequestWrapper(request);
-
         if (request.getHeader("Authorization") != null) {
+            final var authenticatedRequest = new AuthenticatedHttpServletRequestWrapper(request);
             final var currentSubject = authenticator.authenticate(request);
             authenticatedRequest.addHeader("current-subject", currentSubject);
+            filterChain.doFilter(authenticatedRequest, response);
         }
-        filterChain.doFilter(authenticatedRequest, response);
+        filterChain.doFilter(request, response);
     }
 }
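Review bot: On the new side the authenticated branch calls `filterChain.doFilter(authenticatedRequest, response)` and then falls through to the unconditional `filterChain.doFilter(request, response)`, so a request with an `Authorization` header runs the rest of the chain twice, the second time without the `current-subject` header set on the wrapper. Add `return;` after the first call, or put the second call in an else branch: `} else { filterChain.doFilter(request, response); }`. Separately, the path without `Authorization` now forwards the raw request, so if downstream code trusts `current-subject` it is worth confirming that a client-supplied header of that name is stripped or rejected on that path. Whether `AuthenticatedHttpServletRequestWrapper` masked such a header before this change is not visible in this hunk.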